Factoring "short-sleeve" RSA keys with polynomials

These secret codes were basically wearing crop tops, and commenters want names

TLDR: Researchers found hundreds of badly generated security keys that could be cracked because the software filled them with suspicious patterns of zeros, and they traced many of them to an old CompleteFTP bug. Commenters are fixated on the bigger mystery: one pattern is still unsolved, sparking throwbacks to past crypto disasters and demands to name the vendor.

Security researchers just dropped a deliciously awkward finding: hundreds of internet keys that were supposed to protect servers were generated so badly that they could be cracked fast. In plain English, some software made “secret” numbers with way too many zeros in them, which made them stick out in giant internet scans like a bad disguise. The researchers even gave them a nickname with peak internet energy: “short-sleeve” keys — because the random bits didn’t fully cover the number.

And the comments immediately locked onto the real drama: who messed this up, and how is one mystery pattern still unexplained? User spydum compared it to the infamous Debian crypto mess from years ago, which is basically the cryptography version of saying, “Oh no, not this nightmare again.” The strongest vibe in the thread is equal parts fascination and side-eye. People seem impressed by the math trick — turning a hard cracking problem into easy polynomial factoring — but the bigger soap-opera twist is that Pattern 1 showed up in certificates linked to huge names like Yahoo and Verizon, and researchers say they didn’t hear back when they asked questions. That silence is doing numbers in the community.

The joke writes itself: your security keys were supposed to wear full winter coats, but some turned up in short sleeves and got exposed immediately. Commenters are now hungry for metadata, vendor names, and a proper culprit reveal — because to them, the unsolved part is the juiciest part.

Key Points

  • Researchers found hundreds of unique weak cryptographic keys in public datasets whose RSA moduli had structured zero-bit patterns and could often be factored quickly.
  • The article identifies two main “short-sleeve” key patterns; pattern 1 is unexplained, while pattern 2 was traced to a type mismatch bug in old CompleteFTP big-integer code.
  • The CompleteFTP issue affected RSA keys generated in versions 10.0.0–12.0.0 and DSA keys generated in versions 10.0.0–23.0.4.
  • The researchers recovered 603 unique RSA private keys and 74 DSA keys linked to the CompleteFTP vulnerability from internet scans.
  • The factoring method exploits limb-level structure in biased moduli by converting integer factorization into polynomial factorization and then reconstructing the secret primes.
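To make the last point concrete, here is a constructed toy in Python (an added example, not the researchers' code and not the real key patterns): two-limb primes whose 64-bit limbs only use 30 random bits, so the modulus' base-2^64 digits are exactly the coefficients of a degree-2 polynomial, and the quadratic formula factors it. Everything below (the 30-bit bias, `short_sleeve_prime`, `factor_short_sleeve`) is this example's own assumption.

```python
import random
from fractions import Fraction
from math import isqrt

W = 64
X = 1 << W            # one 64-bit limb, the "x" of the polynomial
LIMB_BITS = 30        # constructed bias: only the low 30 bits of each limb are random

def limb_leading_zeros(n):
    """Leading zero bits per 64-bit limb (low limb first); the scan-visible tell."""
    limbs = [(n >> (W * i)) & (X - 1) for i in range((n.bit_length() + W - 1) // W)]
    return [W - limb.bit_length() for limb in limbs]

def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin with `rounds` random bases."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def short_sleeve_prime(rng):
    """Two-limb prime p = p1*X + p0 whose limbs both fit in LIMB_BITS bits."""
    while True:
        p1 = rng.randrange(1 << (LIMB_BITS - 1), 1 << LIMB_BITS)
        p0 = rng.randrange(1 << (LIMB_BITS - 1), 1 << LIMB_BITS) | 1
        if is_probable_prime(p1 * X + p0, rng):
            return p1 * X + p0

def factor_short_sleeve(n):
    """Limb products are too small to carry, so n's base-X digits are the coefficients
    of (p1 x + p0)(q1 x + q0); its roots -p0/p1, -q0/q1 are rational (p prime => gcd=1)."""
    c0, c1, c2 = n & (X - 1), (n >> W) & (X - 1), n >> (2 * W)
    disc = c1 * c1 - 4 * c2 * c0                   # = (p1*q0 - p0*q1)**2 if structured
    if c2 == 0 or disc < 0 or isqrt(disc) ** 2 != disc:
        return None
    s = isqrt(disc)
    roots = (Fraction(c1 - s, 2 * c2), Fraction(c1 + s, 2 * c2))   # p0/p1 and q0/q1
    p, q = (r.denominator * X + r.numerator for r in roots)
    return tuple(sorted((p, q))) if p * q == n else None

def demo(seed=1):
    """Build a constructed short-sleeve modulus and break it; returns (n, (p, q))."""
    rng = random.Random(seed)
    p, q = short_sleeve_prime(rng), short_sleeve_prime(rng)
    return p * q, tuple(sorted((p, q)))
```

The real keys are full-size and the paper's patterns differ, but the mechanism is the same: when limb products cannot carry, integer factorization collapses into factoring a low-degree polynomial, and `limb_leading_zeros` is the kind of per-limb check that flags such moduli in a dataset.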

Hottest takes

"Kind of reminds me of" — spydum
"Interesting they could not figure out pattern 1?" — spydum
"Wonder if there is any additional metadata to point at a vendor or provider.." — spydum
Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.